Open
Cached
·
just now
22
Headers
Detected Technologies from Headers
HTTP Security Headers
Status
Strict-Transport-Security
Excellent
max-age=31536000; includeSubDomains; preload
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Add Content-Security-Policy header to prevent XSS attacks
- • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
Performance Headers
Connection
close
Vary
origin
connection: close vary: origin
Caching Headers
Cache-Control
must-revalidate,no-cache,no-store
cache-control: must-revalidate,no-cache,no-store
Content Headers
Content-Length
197
Content-Type
text/html;charset=iso-8859-1
content-length: 197 content-type: text/html;charset=iso-8859-1
Server Headers
Server
cloudflare
server: cloudflare
CORS Headers
Access-Control-Allow-Credentials
true
Access-Control-Allow-Headers
Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
Access-Control-Allow-Methods
GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
Access-Control-Expose-Headers
x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
Access-Control-Max-Age
604800
access-control-allow-credentials: true access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing access-control-max-age: 604800
Cookies Headers
Other Headers
Cf-Cache-Status
DYNAMIC
Cf-Ray
9f8ba95ad863c651-IAD
Date
Fri, 08 May 2026 21:47:12 GMT
Nel
Report-To Group
cf-nel
max-age: 1w
success: 1.0%
Report-To
Server-Timing
hcid;desc="019e098f-14e1-7d37-a13c-332ce91ba9de", cfr;desc="9f8ba95ad863c651-IAD"
Timing-Allow-Origin
*
X-Hubspot-Correlation-Id
019e098f-14e1-7d37-a13c-332ce91ba9de
cf-cache-status: DYNAMIC
cf-ray: 9f8ba95ad863c651-IAD
date: Fri, 08 May 2026 21:47:12 GMT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lH7CBMDFUzF%2Fb8gPCRiZ8w6%2F%2BPcQVm9fnd6NFfNjg4ax%2Ffwk1MVaNRyMLTkBSiDqiTK0lsCjvk1F0MjD1oa8cmZbAR6pSvdWF9XaFYjOLIgoQb8sW46hg23nSFgoFNqYcj5NcCgsEr0%3D"}],"group":"cf-nel","max_age":604800}
server-timing: hcid;desc="019e098f-14e1-7d37-a13c-332ce91ba9de", cfr;desc="9f8ba95ad863c651-IAD"
timing-allow-origin: *
x-hubspot-correlation-id: 019e098f-14e1-7d37-a13c-332ce91ba9de
Recommendations
Enable compression (gzip/brotli) to improve performance